@steedos/objectql 2.1.57 → 2.1.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/lib/dynamic-load/preload_data.d.ts +3 -0
  2. package/lib/dynamic-load/preload_data.js +158 -1
  3. package/lib/dynamic-load/preload_data.js.map +1 -1
  4. package/lib/dynamic-load/restrictionRules.d.ts +1 -0
  5. package/lib/dynamic-load/restrictionRules.js +42 -0
  6. package/lib/dynamic-load/restrictionRules.js.map +1 -0
  7. package/lib/dynamic-load/shareRules.d.ts +1 -0
  8. package/lib/dynamic-load/shareRules.js +42 -0
  9. package/lib/dynamic-load/shareRules.js.map +1 -0
  10. package/lib/index.d.ts +3 -0
  11. package/lib/index.js +3 -0
  12. package/lib/index.js.map +1 -1
  13. package/lib/metadata-register/_base.d.ts +3 -1
  14. package/lib/metadata-register/_base.js +16 -5
  15. package/lib/metadata-register/_base.js.map +1 -1
  16. package/lib/metadata-register/permissionFields.d.ts +7 -0
  17. package/lib/metadata-register/permissionFields.js +18 -0
  18. package/lib/metadata-register/permissionFields.js.map +1 -0
  19. package/lib/metadata-register/restrictionRules.d.ts +7 -0
  20. package/lib/metadata-register/restrictionRules.js +18 -0
  21. package/lib/metadata-register/restrictionRules.js.map +1 -0
  22. package/lib/metadata-register/shareRules.d.ts +7 -0
  23. package/lib/metadata-register/shareRules.js +18 -0
  24. package/lib/metadata-register/shareRules.js.map +1 -0
  25. package/lib/types/field_permission.d.ts +4 -0
  26. package/lib/types/field_permission.js +50 -0
  27. package/lib/types/field_permission.js.map +1 -0
  28. package/lib/types/object.d.ts +0 -4
  29. package/lib/types/object.js +268 -261
  30. package/lib/types/object.js.map +1 -1
  31. package/lib/types/object_dynamic_load.js +13 -4
  32. package/lib/types/object_dynamic_load.js.map +1 -1
  33. package/lib/types/restrictionRule.d.ts +13 -0
  34. package/lib/types/restrictionRule.js +75 -0
  35. package/lib/types/restrictionRule.js.map +1 -0
  36. package/lib/types/shareRule.d.ts +13 -0
  37. package/lib/types/shareRule.js +75 -0
  38. package/lib/types/shareRule.js.map +1 -0
  39. package/lib/util/field.js +4 -4
  40. package/lib/util/field.js.map +1 -1
  41. package/lib/util/function_expression.d.ts +1 -1
  42. package/lib/util/function_expression.js +3 -2
  43. package/lib/util/function_expression.js.map +1 -1
  44. package/package.json +8 -8
  45. package/src/dynamic-load/preload_data.ts +44 -0
  46. package/src/dynamic-load/restrictionRules.ts +19 -0
  47. package/src/dynamic-load/shareRules.ts +19 -0
  48. package/src/index.ts +4 -1
  49. package/src/metadata-register/_base.ts +14 -3
  50. package/src/metadata-register/permissionFields.ts +13 -0
  51. package/src/metadata-register/restrictionRules.ts +12 -0
  52. package/src/metadata-register/shareRules.ts +13 -0
  53. package/src/types/field_permission.ts +26 -0
  54. package/src/types/object.ts +89 -68
  55. package/src/types/object_dynamic_load.ts +4 -1
  56. package/src/types/restrictionRule.ts +57 -0
  57. package/src/types/shareRule.ts +57 -0
  58. package/src/util/field.ts +4 -4
  59. package/src/util/function_expression.ts +2 -2
@@ -16,6 +16,9 @@ var object_events_1 = require("./object_events");
16
16
  var i18n_1 = require("@steedos/i18n");
17
17
  var object_layouts_1 = require("./object_layouts");
18
18
  var lodash_1 = require("lodash");
19
+ var shareRule_1 = require("./shareRule");
20
+ var restrictionRule_1 = require("./restrictionRule");
21
+ var field_permission_1 = require("./field_permission");
19
22
  var clone = require('clone');
20
23
  // 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
21
24
  // 其3层指的是A-B-C-D,它们都有父子关系,A作为最顶层,该对象上不可以再创建主表子表关系字段,但是B、C、D上可以;
@@ -713,117 +716,125 @@ var SteedosObjectType = /** @class */ (function (_super) {
713
716
  };
714
717
  SteedosObjectType.prototype.getUserObjectPermission = function (userSession) {
715
718
  return tslib_1.__awaiter(this, void 0, void 0, function () {
716
- var roles, objectRolesPermission, userObjectPermission, field_permissions, spaceId;
719
+ var roles, objectRolesPermission, userObjectPermission, rolesFieldsPermission, field_permissions, spaceId;
717
720
  return tslib_1.__generator(this, function (_a) {
718
- if (!userSession) {
719
- throw new Error('userSession is required');
720
- }
721
- roles = userSession.roles;
722
- objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
723
- userObjectPermission = {
724
- allowRead: false,
725
- allowCreate: false,
726
- allowEdit: false,
727
- allowDelete: false,
728
- viewAllRecords: false,
729
- modifyAllRecords: false,
730
- viewCompanyRecords: false,
731
- modifyCompanyRecords: false,
732
- allowReadFiles: null,
733
- viewAllFiles: null,
734
- allowCreateFiles: null,
735
- allowEditFiles: null,
736
- allowDeleteFiles: null,
737
- modifyAllFiles: null,
738
- disabled_list_views: null,
739
- disabled_actions: null,
740
- unreadable_fields: null,
741
- uneditable_fields: null,
742
- unrelated_objects: null,
743
- field_permissions: null,
744
- read_filters: [],
745
- edit_filters: []
746
- };
747
- if (_.isEmpty(roles)) {
748
- throw new Error('not find user permission');
749
- }
750
- roles.forEach(function (role) {
751
- var rolePermission = objectRolesPermission[role];
752
- if (rolePermission) {
753
- _.each(userObjectPermission, function (v, k) {
754
- var _v = rolePermission[k];
755
- if (_.isBoolean(v)) {
756
- if (v === false && _v === true) {
757
- userObjectPermission[k] = _v;
758
- }
759
- }
760
- else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
761
- if (_.isBoolean(_v)) {
762
- userObjectPermission[k] = _v;
763
- }
764
- }
765
- else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
766
- if ('edit_filters' === k) {
767
- if (!_.isEmpty(_v)) {
768
- userObjectPermission['read_filters'].push(_v);
721
+ switch (_a.label) {
722
+ case 0:
723
+ if (!userSession) {
724
+ throw new Error('userSession is required');
725
+ }
726
+ roles = userSession.roles;
727
+ objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
728
+ userObjectPermission = {
729
+ allowRead: false,
730
+ allowCreate: false,
731
+ allowEdit: false,
732
+ allowDelete: false,
733
+ viewAllRecords: false,
734
+ modifyAllRecords: false,
735
+ viewCompanyRecords: false,
736
+ modifyCompanyRecords: false,
737
+ allowReadFiles: null,
738
+ viewAllFiles: null,
739
+ allowCreateFiles: null,
740
+ allowEditFiles: null,
741
+ allowDeleteFiles: null,
742
+ modifyAllFiles: null,
743
+ disabled_list_views: null,
744
+ disabled_actions: null,
745
+ unreadable_fields: null,
746
+ uneditable_fields: null,
747
+ unrelated_objects: null,
748
+ field_permissions: null,
749
+ };
750
+ if (_.isEmpty(roles)) {
751
+ throw new Error('not find user permission');
752
+ }
753
+ return [4 /*yield*/, field_permission_1.FieldPermission.getObjectFieldsPermissionGroupRole(this.name)];
754
+ case 1:
755
+ rolesFieldsPermission = _a.sent();
756
+ roles.forEach(function (role) {
757
+ var rolePermission = objectRolesPermission[role];
758
+ if (rolePermission) {
759
+ var roleFieldsPermission_1 = rolesFieldsPermission[role];
760
+ _.each(userObjectPermission, function (v, k) {
761
+ var _v = rolePermission[k];
762
+ if (k === 'field_permissions') {
763
+ _v = roleFieldsPermission_1;
769
764
  }
770
- }
771
- if (!_.isEmpty(_v)) {
772
- userObjectPermission[k].push(_v);
773
- }
765
+ if (_.isBoolean(v)) {
766
+ if (v === false && _v === true) {
767
+ userObjectPermission[k] = _v;
768
+ }
769
+ }
770
+ else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
771
+ if (_.isBoolean(_v)) {
772
+ userObjectPermission[k] = _v;
773
+ }
774
+ }
775
+ else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
776
+ if ('edit_filters' === k) {
777
+ if (!_.isEmpty(_v)) {
778
+ userObjectPermission['read_filters'].push(_v);
779
+ }
780
+ }
781
+ if (!_.isEmpty(_v)) {
782
+ userObjectPermission[k].push(_v);
783
+ }
784
+ }
785
+ else if ((_.isArray(v) || _.isNull(v))) {
786
+ if (!_.isArray(_v)) {
787
+ _v = [];
788
+ }
789
+ if (_.isNull(v)) {
790
+ userObjectPermission[k] = _v;
791
+ }
792
+ else {
793
+ if (k === 'field_permissions') {
794
+ userObjectPermission[k] = _.union(v, _v);
795
+ }
796
+ else {
797
+ userObjectPermission[k] = _.intersection(v, _v);
798
+ }
799
+ }
800
+ }
801
+ });
774
802
  }
775
- else if ((_.isArray(v) || _.isNull(v))) {
776
- if (!_.isArray(_v)) {
777
- _v = [];
778
- }
779
- if (_.isNull(v)) {
780
- userObjectPermission[k] = _v;
781
- }
782
- else {
783
- if (k === 'field_permissions') {
784
- userObjectPermission[k] = _.union(v, _v);
803
+ });
804
+ field_permissions = {};
805
+ if (userObjectPermission.field_permissions) {
806
+ _.each(userObjectPermission.field_permissions, function (field_permission) {
807
+ var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
808
+ if (field_permissions[field]) {
809
+ field_permissions[field].edit = field_permissions[field].edit || edit;
810
+ if (field_permissions[field].edit) {
811
+ field_permissions[field].read = true;
785
812
  }
786
813
  else {
787
- userObjectPermission[k] = _.intersection(v, _v);
814
+ field_permissions[field].read = field_permissions[field].read || read;
788
815
  }
789
816
  }
790
- }
791
- });
792
- }
793
- });
794
- field_permissions = {};
795
- if (userObjectPermission.field_permissions) {
796
- _.each(userObjectPermission.field_permissions, function (field_permission) {
797
- var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
798
- if (field_permissions[field]) {
799
- field_permissions[field].edit = field_permissions[field].edit || edit;
800
- if (field_permissions[field].edit) {
801
- field_permissions[field].read = true;
802
- }
803
- else {
804
- field_permissions[field].read = field_permissions[field].read || read;
805
- }
817
+ else {
818
+ field_permissions[field] = {
819
+ field: field,
820
+ read: edit || read,
821
+ edit: edit
822
+ };
823
+ }
824
+ });
806
825
  }
807
- else {
808
- field_permissions[field] = {
809
- field: field,
810
- read: edit || read,
811
- edit: edit
812
- };
826
+ userObjectPermission.field_permissions = field_permissions;
827
+ userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
828
+ userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
829
+ userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
830
+ userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
831
+ userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
832
+ spaceId = userSession.spaceId;
833
+ if (util_1.isTemplateSpace(spaceId)) {
834
+ return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
813
835
  }
814
- });
836
+ return [2 /*return*/, userObjectPermission];
815
837
  }
816
- userObjectPermission.field_permissions = field_permissions;
817
- userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
818
- userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
819
- userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
820
- userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
821
- userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
822
- spaceId = userSession.spaceId;
823
- if (util_1.isTemplateSpace(spaceId)) {
824
- return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
825
- }
826
- return [2 /*return*/, userObjectPermission];
827
838
  });
828
839
  });
829
840
  };
@@ -1795,42 +1806,29 @@ var SteedosObjectType = /** @class */ (function (_super) {
1795
1806
  });
1796
1807
  });
1797
1808
  };
1798
- SteedosObjectType.prototype.appendRecordPermission = function (records, userSession) {
1799
- return tslib_1.__awaiter(this, void 0, void 0, function () {
1800
- var _ids, objPm, permissionFilters, filters, results, allowEditIds;
1801
- return tslib_1.__generator(this, function (_a) {
1802
- switch (_a.label) {
1803
- case 0:
1804
- _ids = _.pluck(records, '_id');
1805
- return [4 /*yield*/, this.getUserObjectPermission(userSession)];
1806
- case 1:
1807
- objPm = _a.sent();
1808
- permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
1809
- if (_.isEmpty(permissionFilters)) {
1810
- return [2 /*return*/];
1811
- }
1812
- filters = filters_1.formatFiltersToODataQuery(['_id', 'in', _ids]);
1813
- return [4 /*yield*/, this.directFind({
1814
- fields: ['_id'],
1815
- filters: "(" + filters + ") and (" + permissionFilters.join(' or ') + ")"
1816
- })];
1817
- case 2:
1818
- results = _a.sent();
1819
- allowEditIds = _.pluck(results, '_id');
1820
- _.each(records, function (record) {
1821
- if (_.include(allowEditIds, record._id)) {
1822
- record.record_permissions = {
1823
- allowRead: true,
1824
- allowEdit: true,
1825
- allowDelete: true,
1826
- };
1827
- }
1828
- });
1829
- return [2 /*return*/];
1830
- }
1831
- });
1832
- });
1833
- };
1809
+ // private async appendRecordPermission(records, userSession) {
1810
+ // const _ids = _.pluck(records, '_id');
1811
+ // const objPm = await this.getUserObjectPermission(userSession);
1812
+ // const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
1813
+ // if (_.isEmpty(permissionFilters)) {
1814
+ // return;
1815
+ // }
1816
+ // const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
1817
+ // const results = await this.directFind({
1818
+ // fields: ['_id'],
1819
+ // filters: `(${filters}) and (${permissionFilters.join(' or ')})`
1820
+ // });
1821
+ // const allowEditIds = _.pluck(results, '_id');
1822
+ // _.each(records, (record) => {
1823
+ // if (_.include(allowEditIds, record._id)) {
1824
+ // record.record_permissions = {
1825
+ // allowRead: true,
1826
+ // allowEdit: true,
1827
+ // allowDelete: true,
1828
+ // }
1829
+ // }
1830
+ // })
1831
+ // }
1834
1832
  SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
1835
1833
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1836
1834
  var userSession, context, _a;
@@ -1920,7 +1918,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1920
1918
  args[_i - 1] = arguments[_i];
1921
1919
  }
1922
1920
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1923
- var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values, _records;
1921
+ var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values;
1924
1922
  return tslib_1.__generator(this, function (_a) {
1925
1923
  switch (_a.label) {
1926
1924
  case 0:
@@ -1963,7 +1961,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1963
1961
  return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
1964
1962
  case 4:
1965
1963
  returnValue = _a.sent();
1966
- return [3 /*break*/, 25];
1964
+ return [3 /*break*/, 21];
1967
1965
  case 5:
1968
1966
  userSession = args[args.length - 1];
1969
1967
  return [4 /*yield*/, this.getTriggerContext('before', method, args)];
@@ -1989,43 +1987,40 @@ var SteedosObjectType = /** @class */ (function (_super) {
1989
1987
  return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
1990
1988
  case 10:
1991
1989
  returnValue = _a.sent();
1992
- if (!(method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline')) return [3 /*break*/, 14];
1993
- values = returnValue || {};
1994
- if (!(method === 'count')) return [3 /*break*/, 11];
1995
- values = returnValue || 0;
1996
- return [3 /*break*/, 13];
1997
- case 11:
1998
- if (!userSession) return [3 /*break*/, 13];
1999
- _records = returnValue;
2000
- if (method == 'findOne' && returnValue) {
2001
- _records = [_records];
1990
+ if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline') {
1991
+ values = returnValue || {};
1992
+ if (method === 'count') {
1993
+ values = returnValue || 0;
1994
+ }
1995
+ // else{
1996
+ // if (userSession) {
1997
+ // let _records = returnValue
1998
+ // if (method == 'findOne' && returnValue) {
1999
+ // _records = [_records]
2000
+ // }
2001
+ // await this.appendRecordPermission(_records, userSession);
2002
+ // }
2003
+ // }
2004
+ Object.assign(afterTriggerContext, { data: { values: values } });
2002
2005
  }
2003
- return [4 /*yield*/, this.appendRecordPermission(_records, userSession)];
2004
- case 12:
2005
- _a.sent();
2006
- _a.label = 13;
2007
- case 13:
2008
- Object.assign(afterTriggerContext, { data: { values: values } });
2009
- _a.label = 14;
2010
- case 14:
2011
2006
  // console.log("==returnValue==", returnValue);
2012
2007
  if (method == 'insert' && _.has(returnValue, '_id')) {
2013
2008
  afterTriggerContext.doc = returnValue;
2014
2009
  afterTriggerContext = Object.assign({}, afterTriggerContext, { id: returnValue._id });
2015
2010
  }
2016
- if (!(method == "update")) return [3 /*break*/, 17];
2017
- if (!returnValue) return [3 /*break*/, 16];
2011
+ if (!(method == "update")) return [3 /*break*/, 13];
2012
+ if (!returnValue) return [3 /*break*/, 12];
2018
2013
  afterTriggerContext.doc = returnValue;
2019
2014
  return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
2020
- case 15:
2015
+ case 11:
2021
2016
  _a.sent();
2022
- _a.label = 16;
2023
- case 16: return [3 /*break*/, 19];
2024
- case 17: return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
2025
- case 18:
2017
+ _a.label = 12;
2018
+ case 12: return [3 /*break*/, 15];
2019
+ case 13: return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
2020
+ case 14:
2026
2021
  _a.sent();
2027
- _a.label = 19;
2028
- case 19:
2022
+ _a.label = 15;
2023
+ case 15:
2029
2024
  if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline') {
2030
2025
  if (_.isEmpty(afterTriggerContext.data) || (_.isEmpty(afterTriggerContext.data.values) && !_.isNumber(afterTriggerContext.data.values))) {
2031
2026
  return [2 /*return*/, returnValue];
@@ -2041,9 +2036,9 @@ var SteedosObjectType = /** @class */ (function (_super) {
2041
2036
  user_session: userSession,
2042
2037
  previous_record: afterTriggerContext.previousDoc
2043
2038
  }).run()];
2044
- case 20:
2039
+ case 16:
2045
2040
  _a.sent();
2046
- if (!returnValue) return [3 /*break*/, 23];
2041
+ if (!returnValue) return [3 /*break*/, 19];
2047
2042
  if (method === "insert") {
2048
2043
  // 当为insert时,上面代码执行后的doc不带_id,只能从returnValue中取
2049
2044
  doc = returnValue;
@@ -2051,18 +2046,18 @@ var SteedosObjectType = /** @class */ (function (_super) {
2051
2046
  }
2052
2047
  // 一定要先运行公式再运行汇总,以下两个函数顺序不能反
2053
2048
  return [4 /*yield*/, this.runRecordFormula(method, objectName, recordId, doc, userSession)];
2054
- case 21:
2049
+ case 17:
2055
2050
  // 一定要先运行公式再运行汇总,以下两个函数顺序不能反
2056
2051
  _a.sent();
2057
2052
  return [4 /*yield*/, this.runRecordSummaries(method, objectName, recordId, doc, previousDoc, userSession)];
2058
- case 22:
2053
+ case 18:
2059
2054
  _a.sent();
2060
- _a.label = 23;
2061
- case 23: return [4 /*yield*/, object_events_1.brokeEmitEvents(objectName, method, afterTriggerContext)];
2062
- case 24:
2055
+ _a.label = 19;
2056
+ case 19: return [4 /*yield*/, object_events_1.brokeEmitEvents(objectName, method, afterTriggerContext)];
2057
+ case 20:
2063
2058
  _a.sent();
2064
- _a.label = 25;
2065
- case 25: return [2 /*return*/, returnValue];
2059
+ _a.label = 21;
2060
+ case 21: return [2 /*return*/, returnValue];
2066
2061
  }
2067
2062
  });
2068
2063
  });
@@ -2117,29 +2112,28 @@ var SteedosObjectType = /** @class */ (function (_super) {
2117
2112
  });
2118
2113
  });
2119
2114
  };
2120
- SteedosObjectType.prototype.getObjectPermissionFilters = function (objectPermission, userSession, isEdit) {
2121
- var objectPermissionFilters = [];
2122
- var permissionFiltersKey = 'read_filters';
2123
- if (isEdit) {
2124
- permissionFiltersKey = 'edit_filters';
2125
- }
2126
- var globalData = Object.assign({}, userSession, { now: new Date() });
2127
- var permissionFilters = objectPermission[permissionFiltersKey];
2128
- _.each(permissionFilters, function (permissionFilter) {
2129
- if (_.isString(permissionFilter) && util_1.isExpression(permissionFilter.trim())) {
2130
- try {
2131
- var filters = util_1.parseSingleExpression(permissionFilter, {}, "#", globalData);
2132
- if (filters && !_.isString(filters)) {
2133
- objectPermissionFilters.push("(" + filters_1.formatFiltersToODataQuery(filters, userSession) + ")");
2134
- }
2135
- }
2136
- catch (error) {
2137
- console.error("getObjectPermissionFilters error", permissionFilter, error.message);
2138
- }
2139
- }
2140
- });
2141
- return objectPermissionFilters;
2142
- };
2115
+ // private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
2116
+ // const objectPermissionFilters = [];
2117
+ // let permissionFiltersKey = 'read_filters';
2118
+ // if (isEdit) {
2119
+ // permissionFiltersKey = 'edit_filters';
2120
+ // }
2121
+ // const globalData = Object.assign({}, userSession, { now: new Date() });
2122
+ // let permissionFilters = objectPermission[permissionFiltersKey];
2123
+ // _.each(permissionFilters, (permissionFilter) => {
2124
+ // if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
2125
+ // try {
2126
+ // const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
2127
+ // if (filters && !_.isString(filters)) {
2128
+ // objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
2129
+ // }
2130
+ // } catch (error) {
2131
+ // console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
2132
+ // }
2133
+ // }
2134
+ // })
2135
+ // return objectPermissionFilters;
2136
+ // }
2143
2137
  /**
2144
2138
  * 把query.filters用formatFiltersToODataQuery转为odata query
2145
2139
  * 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
@@ -2160,82 +2154,95 @@ var SteedosObjectType = /** @class */ (function (_super) {
2160
2154
  };
2161
2155
  SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
2162
2156
  return tslib_1.__awaiter(this, void 0, void 0, function () {
2163
- var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, objectPermissionFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
2157
+ var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
2164
2158
  return tslib_1.__generator(this, function (_a) {
2165
2159
  switch (_a.label) {
2166
2160
  case 0:
2167
2161
  userSession = args[args.length - 1];
2168
- if (!userSession) return [3 /*break*/, 2];
2162
+ if (!userSession) return [3 /*break*/, 5];
2169
2163
  spaceId = userSession.spaceId;
2170
2164
  userId = userSession.userId;
2171
2165
  return [4 /*yield*/, this.getUserObjectPermission(userSession)];
2172
2166
  case 1:
2173
2167
  objPm = _a.sent();
2174
- if (method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2175
- query = args[args.length - 2];
2176
- if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2177
- query = args[args.length - 3];
2178
- }
2179
- if (query.filters && !_.isString(query.filters)) {
2180
- query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2181
- }
2182
- if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2183
- return [2 /*return*/];
2184
- }
2185
- if (util_1.isCloudAdminSpace(spaceId)) {
2186
- return [2 /*return*/];
2187
- }
2188
- spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, objectPermissionFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2189
- if (spaceId) {
2190
- spaceFilter = "(space eq '" + spaceId + "')";
2191
- }
2192
- if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2193
- if (_.isEmpty(userSession.companies)) {
2194
- console.log('objPm', objPm);
2195
- throw new Error("user not belong any company!");
2196
- }
2197
- companyFilter = _.map(userSession.companies, function (comp) {
2198
- return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2199
- });
2200
- }
2201
- if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2202
- ownerFilter = "(owner eq '" + userId + "')";
2203
- }
2204
- objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
2205
- if (!_.isEmpty(objectPermissionFilters)) {
2206
- permissionFilters.push("(" + objectPermissionFilters.join(' or ') + ")");
2207
- }
2208
- sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2209
- if (!_.isEmpty(companyFilter)) {
2210
- permissionFilters.push("(" + companyFilter.join(' or ') + ")");
2211
- }
2212
- if (ownerFilter) {
2213
- permissionFilters.push(ownerFilter);
2214
- }
2215
- if (!_.isEmpty(sharesFilter)) {
2216
- permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2217
- }
2218
- if (clientFilter) {
2219
- userFilters.push(clientFilter);
2220
- }
2221
- if (spaceFilter) {
2222
- userFilters.push(spaceFilter);
2223
- }
2224
- if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2225
- filters = permissionFilters.join(' or ');
2226
- }
2227
- if (!_.isEmpty(userFilters)) {
2228
- filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2168
+ if (!(method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')) return [3 /*break*/, 4];
2169
+ query = args[args.length - 2];
2170
+ if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2171
+ query = args[args.length - 3];
2172
+ }
2173
+ if (query.filters && !_.isString(query.filters)) {
2174
+ query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2175
+ }
2176
+ if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2177
+ return [2 /*return*/];
2178
+ }
2179
+ if (util_1.isCloudAdminSpace(spaceId)) {
2180
+ return [2 /*return*/];
2181
+ }
2182
+ spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2183
+ if (spaceId) {
2184
+ spaceFilter = "(space eq '" + spaceId + "')";
2185
+ }
2186
+ if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2187
+ if (_.isEmpty(userSession.companies)) {
2188
+ console.log('objPm', objPm);
2189
+ throw new Error("user not belong any company!");
2229
2190
  }
2230
- query.filters = filters;
2191
+ companyFilter = _.map(userSession.companies, function (comp) {
2192
+ return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2193
+ });
2231
2194
  }
2232
- else if (method === 'insert') {
2195
+ if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2196
+ ownerFilter = "(owner eq '" + userId + "')";
2197
+ }
2198
+ return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
2199
+ case 2:
2200
+ shareRuleFilters = _a.sent();
2201
+ if (!_.isEmpty(shareRuleFilters)) {
2202
+ permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
2203
+ }
2204
+ return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
2205
+ case 3:
2206
+ restrictionRuleFilters = _a.sent();
2207
+ if (!_.isEmpty(restrictionRuleFilters)) {
2208
+ userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
2209
+ }
2210
+ // objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
2211
+ // if (!_.isEmpty(objectPermissionFilters)) {
2212
+ // permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
2213
+ // }
2214
+ sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2215
+ if (!_.isEmpty(companyFilter)) {
2216
+ permissionFilters.push("(" + companyFilter.join(' and ') + ")");
2217
+ }
2218
+ if (ownerFilter) {
2219
+ permissionFilters.push(ownerFilter);
2220
+ }
2221
+ if (!_.isEmpty(sharesFilter)) {
2222
+ permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2223
+ }
2224
+ if (clientFilter) {
2225
+ userFilters.push(clientFilter);
2226
+ }
2227
+ if (spaceFilter) {
2228
+ userFilters.push(spaceFilter);
2229
+ }
2230
+ if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2231
+ filters = permissionFilters.join(' or ');
2232
+ }
2233
+ if (!_.isEmpty(userFilters)) {
2234
+ filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2235
+ }
2236
+ query.filters = filters;
2237
+ return [3 /*break*/, 5];
2238
+ case 4:
2239
+ if (method === 'insert') {
2233
2240
  if (!objPm.allowCreate) {
2234
2241
  throw new Error("no " + method + " permission!");
2235
2242
  }
2236
2243
  }
2237
2244
  else if (method === 'update' || method === 'updateOne') {
2238
- permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
2245
+ permissionFilters = null;
2239
2246
  if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
2240
2247
  throw new Error("no " + method + " permission!");
2241
2248
  }
@@ -2303,7 +2310,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
2303
2310
  }
2304
2311
  }
2305
2312
  else if (method === 'delete') {
2306
- permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
2313
+ permissionFilters = null;
2307
2314
  if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
2308
2315
  throw new Error("no " + method + " permission!");
2309
2316
  }
@@ -2336,8 +2343,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
2336
2343
  }
2337
2344
  args[args.length - 2] = id;
2338
2345
  }
2339
- _a.label = 2;
2340
- case 2: return [2 /*return*/];
2346
+ _a.label = 5;
2347
+ case 5: return [2 /*return*/];
2341
2348
  }
2342
2349
  });
2343
2350
  });